From 93815fc7619567cc962e053280c5ed0b19492feb Mon Sep 17 00:00:00 2001 From: "lpsolit%gmail.com" <> Date: Sun, 15 Oct 2006 05:02:09 +0000 Subject: Bug 281181: [SECURITY] It's way too easy to delete versions/components/milestones etc... - Patch by Frédéric Buclin r=mkanat a=myk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- editclassifications.cgi | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'editclassifications.cgi') diff --git a/editclassifications.cgi b/editclassifications.cgi index 026f1b3ab..0ebfb97fa 100755 --- a/editclassifications.cgi +++ b/editclassifications.cgi @@ -28,6 +28,7 @@ use Bugzilla::Constants; use Bugzilla::Util; use Bugzilla::Error; use Bugzilla::Classification; +use Bugzilla::Token; my $dbh = Bugzilla->dbh; my $cgi = Bugzilla->cgi; @@ -68,7 +69,8 @@ ThrowUserError("auth_classification_not_enabled") # my $action = trim($cgi->param('action') || ''); my $class_name = trim($cgi->param('classification') || ''); - +my $token = $cgi->param('token'); + # # action='' -> Show nice list of classifications # @@ -88,6 +90,7 @@ unless ($action) { # if ($action eq 'add') { + $vars->{'token'} = issue_session_token('add_classification'); LoadTemplate($action); } @@ -96,6 +99,7 @@ if ($action eq 'add') { # if ($action eq 'new') { + check_token_data($token, 'add_classification'); $class_name || ThrowUserError("classification_not_specified"); @@ -124,6 +128,7 @@ if ($action eq 'new') { $vars->{'classification'} = $class_name; + delete_token($token); LoadTemplate($action); } @@ -147,6 +152,7 @@ if ($action eq 'del') { } $vars->{'classification'} = $classification; + $vars->{'token'} = issue_session_token('delete_classification'); LoadTemplate($action); } @@ -156,6 +162,7 @@ if ($action eq 'del') { # if ($action eq 'delete') { + check_token_data($token, 'delete_classification'); my $classification = Bugzilla::Classification::check_classification($class_name); @@ -179,6 +186,7 @@ if ($action eq 'delete') { $vars->{'classification'} = $classification; + delete_token($token); LoadTemplate($action); } @@ -194,6 +202,7 @@ if ($action eq 'edit') { Bugzilla::Classification::check_classification($class_name); $vars->{'classification'} = $classification; + $vars->{'token'} = issue_session_token('edit_classification'); LoadTemplate($action); } @@ -203,6 +212,7 @@ if ($action eq 'edit') { # if ($action eq 'update') { + check_token_data($token, 'edit_classification'); $class_name || ThrowUserError("classification_not_specified"); @@ -254,6 +264,7 @@ if ($action eq 'update') { $dbh->bz_unlock_tables(); + delete_token($token); LoadTemplate($action); } @@ -270,25 +281,30 @@ if ($action eq 'reclassify') { WHERE name = ?"); if (defined $cgi->param('add_products')) { + check_token_data($token, 'reclassify_classifications'); if (defined $cgi->param('prodlist')) { foreach my $prod ($cgi->param("prodlist")) { trick_taint($prod); $sth->execute($classification->id, $prod); } } + delete_token($token); } elsif (defined $cgi->param('remove_products')) { + check_token_data($token, 'reclassify_classifications'); if (defined $cgi->param('myprodlist')) { foreach my $prod ($cgi->param("myprodlist")) { trick_taint($prod); $sth->execute(1,$prod); } } + delete_token($token); } my @classifications = Bugzilla::Classification::get_all_classifications; $vars->{'classifications'} = \@classifications; $vars->{'classification'} = $classification; + $vars->{'token'} = issue_session_token('reclassify_classifications'); LoadTemplate($action); } -- cgit v1.2.3-24-g4f1b